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METHOD AND DEVICE FOR ENCRYPTING A MESSAGE 

Field of invention 

The present invention generally relates to the field 
of transmitting information from a sender to a receiver. 
More specifically, the present invention relates to a 
5 method and a device for encrypting a message for secure 
transmission of such a message from a sending device to a 
receiver. The invention further relates to a computer 
readable medium comprising instructions for bringing a 
computer to perform such a method, and a sending device 
10 and a system, respectively, comprising such a device. 

Background of the invention 

During transmission of information from a sender to 
a receiver, for example in a system including hand-held 

15 devices, there are basically four aspects that need to be 
fulfilled for obtaining a secure transmission with re- 
gards to authenticity, integrity, confidentiality and 
non- repudiation. However, confidentiality, i.e. that the 
information is kept secret during the transmission, is 

2 0 crucial in the field of digital communication, for exam- < 
pie in financial transactions or in e-commerce. This as- 
pect, as well as the other aspects, can be met by using 
cryptography . 

When using cryptography or a network security algo- 
2 5 rithm based on cryptography, random number data is used 

for different reasons and play an essential role. For ex- 
ample, random numbers are frequently used as encryption 
keys or for generation of encryption keys. Furthermore, 
random data is by definition difficult to determine or 
30 guess. 

Common methods of cryptography include symmetric en- 
cryption and asymmetric encryption. When using symmetric 
encryption, the same key is used for both encryption and 
decryption. The encryption key is used in conjunction 
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with an encryption algorithm, and different keys will re- 
sult in different outputs from the algorithm. The degree 
of security of the encrypted message depends on the se- 
crecy of the key and therefore on the random number used 
5 as the key or for generating the key, not on the secrecy 
of the algorithm. This makes it possible to use powerful 
standard algorithms, such as AES (Advanced Encryption 
Standard) , DES (Data Encryption Standard) or IDEA (Inter- 
national Data Encryption Standard) . The degree of secu- 

10 rity also depends on the length or bit size of the key. 
The longer the encryption key, the more difficult it is 
to break the cipher. 

When using asymmetric encryption, the sender and the 
receiver each has a private encryption key and a public 

15 encryption key. Thereby, confidentiality, authentication 
and non- repudiation is achieved. Commonly used asymmetric 
encryption algorithms include, for example, RSA (Rhivest- 
Shamir-Adleman) and DH (Dif f ie-Hellman) . 

It is a well-known problem that sources for true 

2 0 random numbers are difficult to find. Physical noise gen- 
erators, such as pulse detectors of ionizing radiation 
events, gas discharge tubes, and leaky capacitors, are 
one potential source. However, such devices are of lim- 
ited utility in network security applications. For exam- 

2 5 pie, incorporating one of these devices into a hand-held 

device will require a complex and possibly bulky design 
of the hand-held device. Furthermore, there are problems 
both with the degree of randomness and the precision of 
numbers generated by such devices . 

3 0 Another approach for obtaining random numbers for 

cryptographic applications is to use algorithmic tech- 
niques. However, these algorithms are deterministic and 
therefore produce sequences of numbers that are not sta- 
tistically random. Such numbers are often referred to as 
3 5 pseudo random numbers. 
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A widely used technique for pseudo random number 
generation is the linear congruent ial method. A sequence 
of numbers is obtained via the following equation 

5 X n+ i= (aX n +b) mod c, 

where X 0 is an initial number, i.e. the random seed. 
Usually, in a handheld device or a computer, the micro- 
seconds of the internal clock are used as random seed to 
10 initiate the algorithm. 

One problem with the above-mentioned method is that 
once a value, the random seed, has been chosen, the sub- 
sequent numbers in the sequence follow deterministically . 
This means that someone having knowledge of a part of the 
15 sequence could theoretically determine subsequent ele- 
ments of the sequence. 

It is possible to implement more advanced random 
number generators that use the internal clock as random 
seed, for example such as the algorithm used in Blue- 
20 tooth. This and similar algorithms are able to generate 
pseudo random numbers with improved statistical charac- 
teristics compared to the numbers generated by the linear 
congruent ial method. However, the pseudo random numbers 
are still of an insufficient quality in a statistical 
25 sense, i.e. when considering the degree of randomness. 

Thus, there remains a problem in finding a method, 
that can be implemented in a system comprising hand-held 
devices, that provide random numbers of good quality, ac- 
cording to the above-mentioned criterions, for generation 
3 0 of encryption keys for use in encryption algorithms in 

order to provide a secure transmission of information be- 
tween a sender and a receiver. 

Summary of the invention 
35 Thus, an object of the present invention is to pro- 

vide an improved method and device for generating an en- 
cryption key and encrypting a message. 
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This and other objects are achieved according to the 
present invention by providing a method, a computer read- 
able medium, a device, and a system having the features 
defined in the independent claims . Preferred embodiments 
5 are defined in the dependent claims. 

According to a first aspect of the invention, there 
is provided a method for encrypting a message for secure 
transmission of said message from a sending device to a 
receiver. The method comprises the steps of obtaining op- 
10 tical data, generating an encryption key using said opti- 
cal data as random seed, and encrypting said message us- 
ing said encryption key in an encryption algorithm. 

According to a second aspect of the invention, there 
is provided a device for encrypting a message for secure 
15 wireless transmission of said message from a sender to a 
receiver. The device comprises receiving means for re- 
ceiving optical data, said optical data representing val- 
ues of an optical parameter, processing means' for gener- 
ating an encryption key using said optical data as random 
20 seed, and encryption means for encrypting the message to 
be transmitted using said encryption key. 

According to further aspects of the invention there 
are provided a computer readable medium comprising in- 
structions for bringing a computer to perform the method 
25 according to the first aspect of the invention; a sending 
device arranged for obtaining a message and for sending 
said message to a receiver, comprising the device accord- 
ing to the second aspect of the invention; and an infor- 
mation management system comprising, inter alia, a plu- 
30 rality of digital pens that each comprises a device ac- 
cording to the second aspect of the invention. 

Thus, the present invention is based on the advanta- 
geous insight of using optical data as random seed for 
generation of an encryption key, which in turn is used in 
35 an encryption algorithm for encrypting a message. The op- 
tical data obtained in accordance with the method of the 
present invention presents the requisite degree of ran- 



BNSOOCID. <WO 0195091 A1 I > 



BNS oaae £ 



WO 01/95091 



PCT/SE01/01296 



5 

domness and unpredictability. In fact, the optical data 
can be considered as being "truly" random. Consequently, 
the degree of randomness is higher and the optical data 
used are more unpredictable as compared to the data used 
5 for random seed in the known methods described above. 

Thus, an improved degree of secrecy of the generated en- 
cryption key will be achieved. 

Traditionally, two distinct and not necessarily com- 
patible criteria are used to determine the quality of a 

10 sequence of random numbers, unpredictability and random- 
ness. In a "true" random sequence, each number is statis- 
tically independent of any other number in the sequence 
and is therefore unpredictable. Two criteria are used to 
validate the randomness of a sequence of numbers. First, 

15 uniform distribution of random numbers, which means that 
the frequency of occurrence of each of the numbers should 
be approximately the same. Second, independence between 
random numbers, which means that no value in the sequence 
can be inferred from any of the others. 

2 0 According to the preferred embodiment of the present 

invention, a surface, or a portion thereof, is scanned or 
read with an optical sensor, preferably a camera or a . 
light-sensitive sensor, thereby obtaining optical data 
representative of characteristics the read surface. The 
25 light-sensitive sensor being, for example, a CCD sensor 
(Charge -Coupled Device) or a CMOS sensor (Complementary 
Metal -Oxide semiconductor) . The obtained optical data are 
determined by and represent values of at least one opti- 
cal parameter, which is representative of physical condi- 

3 0 tions on the portion of the surface. 

Preferably, the optical data are obtained from a 
portion of a surface provided with a position code pat- 
tern, wherein the position code pattern includes optical 
readable markings. Each of said markings may be designed 
35 more or less arbitrarily. However, the design of each 
marking is preferably elementary, for example in the 
shape of round dots as shown in the detailed description 
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below. The position code pattern is implemented using any 
parameter, which may be used to achieve symbols of the 
above-mentioned type that may be detected or sensed by a 
detector or sensor. The parameter may be electrical or 
5 chemical or of any other type. However, the position code 
pattern is preferably optically readable since this fa- 
cilitates the appliance of the pattern onto the surface. 
Accordingly, the pattern should have the capability to 
reflect light, which not necessarily has to have a wave- 
10 length in the visible spectrum. 

Preferably, the parameter sensed and used for the 
generation of the encryption key is brightness, which is 
a relative measure of the intensity of the energy output 
of a light source that is visible for an optical sensor. 
15 In the preferred embodiment of the present invention, the 
brightness of light that is reflected from a portion of 
an illuminated surface is registered. Of course, the 
sensed light does not necessarily have to constitute re- 
flected light. Sensing of emitted light from luminous 
20 surfaces are also contemplated within the scope of the 

present invention, or any combinations of emitted and re- 
flected light. The brightness in the sensed light may, 
for example, depend on variations in the surrounding il- 
lumination, the quality of the printing of the pattern, 
25 the blacking of the markings, and/or the quality of the 

surface, e.g. a paper surface. Biometric factors may also 
have an impact on the brightness, for example the incli- 
nation of the pen. These and other factors introduce a 
considerable degree of randomness in the optical data. 
30 Furthermore, the fact that the optical sensor in itself 

is a noise generator will even further enhance the degree 
of randomness in the optical data. 

According to preferred embodiments of the invention, 
the optical data are processed according to a prepro- 
35 grammed order or scheme and organized in data fields of a 
predetermined length. The data fields, in turn, are pref- 
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erably organized in data records according to a predeter- 
mined scheme, e.g. in a predetermined order. 

According to a specific preferred embodiment of the 
present invention, and in order to even further improve 
5 the stochasticity of the optical data organized in said 
data records, the order of the data fields within the 
data records are rearranged according to a cyclic reor- 
dering algorithm. According to the cyclic reordering al- 
gorithm, the order of the rearranged data fields in dif- 

10 ferent data records may differ from one data record to 
another. Thus, a number of different reordering schemes 
may be used, including the case that for some data rec- 
ords, the order of the data fields is not altered at all. 
Preferably, the cyclic reordering is performed by shift- 

15 ing all data fields in each data record. The data fields 
may be shifted by a number of steps ranging from zero, 
i.e. no shift takes place, to a number corresponding to 
the number of data fields in the data record minus 1. 
Thus, the reordering algorithm contains information as to 

2 0 the number of steps each data field is shifted for a spe- 

cific data record. 

According to a specific embodiment of the present 
invention, the order of the data fields in each record 
included in a first set of data records are rearranged 
25 according to a first reordering algorithm. Thereby, a 

first set of rearranged data records is obtained. Then, 
the order of the data fields in each data record of a 
second set of data records are rearranged according to a 
second reordering algorithm, whereby a second set of re- 

3 0 arranged data records is obtained. In the generation of 

the encryption key, the first set of rearranged data rec- 
ords forms key data and the second set of rearranged data 
records forms input data, or vice versa, of the encryp- 
tion key used in the encryption algorithm. Alternatively, 
35 the key data and the input data form encryption data that 
can be used as material in an encryption process. For 
example, the material can be encrypted with the public 
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key of the receiver, to be used as encryption key or key 
material, to be compressed to an encryption key, for a 
symmetric encryption algorithm. The advantage of the de- 
scribed rearranging process is that the statistical char- 
5 acteristics, i.e. the randomness and unpredictability, of 
the processed data are significantly improved. 

According to a further preferred embodiment of the 
invention, it has surprisingly been found that a particu- 
lar high degree of stochasticity have been achieved using 
10 the specific reordering algorithm explained in greater 

detail below. In fact, the output data of the encryption 
algorithm, when using the optical data as random seed and 
the described reordering algorithm, constitute uniformly 
distributed noise according to prevalent statistical 
15 testing methods. 

According to an alternative preferred embodiment of 
the invention, the stochasticity of the obtained optical 
data organized in data records is improved using hash 
functions. According to this embodiment, a first hashing 
20 is performed on a set of a predetermined number of data 

records by a first algorithm, i.e. a first hash function. 
As understood by the person skilled in the art, hashing 
is an iterative process which will not be described in 
detail. Therefore, the term hashing output, as used here- 
25 inafter, refers to the result of all iterations included 
in the hashing. Thus, a first output, i.e. a first hash- 
ing output, is obtained from the first hashing. The first 
output is then used as an input to a second algorithm, 
which may be a second hash function. The output of the 
3 0 second algorithm, i.e. random numbers, is then, for exam- 
ple, used as the encryption key or for generating an en- 
cryption key in an encryption algorithm for encrypting a 
message. However, the second algorithm may alternatively 
be an iterative algorithm different from a hash function. 
3 5 For example, A3 or A5, which are stream ciphers and are 
used for symmetrical encryption, may be used. 
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The first hash function introduces distortion or 
noise in the obtained optical data used as input data. In 
other words, it shatter the regularities in the optical 
data and -the correlation between data fields included in 
5 the data records. The use of a second hash function, or 
an alternative, preferably iterative, algorithm, on the 
first output further improves the statistical character- 
istics of the data and provides a further distortion on 
the first output. Thus, the statistical characteristics, 

10 i.e. the randomness and unpredictability, of the proc- 
essed optical data are significantly improved using the 
method according to this embodiment . The improvement is 
such that the random numbers generated as a result of the 
method of this embodiment can be regarded as uniformly 

15 distributed white noise according to prevalent statisti- 
cal testing methods. According to a preferred alternative 
of this embodiment, symmetrical encryption algorithms are 
used in the first and second algorithms . By using the 
same encryption algorithm for the algorithms, the advan- 

2 0 tages of a simplified implementation of the program code 
of the algorithms and a saving of memory capacity are 
achieved . 

Furthermore, when using a symmetrical encryption al- 
gorithm, such as AES, for the actual encryption of the 
25 message, this encryption algorithm is preferably used in 
at least one of said algorithms as well, and preferably 
in both. However, it is conceivable within the scope of 
the present invention that other and different encryption 
algorithms may be used in each of said algorithms, as 

30 well as for the actual encryption of the message. Pref- 
erably, in order to even further improve the stochastic - 
ity of the encryption key, or of the random numbers used 
for generating the encryption key, statistical properties 
of the parameter are. This results in a higher degree of 

3 5 randomness and unpredictability . Examples of statistical 
properties preferably being used includes maximum, mini- 
mum and sum values of the sensed parameter. However, 
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other statistical properties are conceivable, such as 
mean values, standard deviation values, etc. As realized 
by the person skilled in the art, the use of said calcu- 
lation of statistical properties is by no means re- 
5 stricted to a specific embodiment of the present inven- 
tion. Contrarily, the statistical properties of the opti- 
cal data may be calculated and the result thereof may be 
used to improve the stochasticity of the optical data, 
and the encryption key generated therewith, regardless of 

10 the chosen method for generating the encryption key. 

Furthermore , the optical data used for generating an 
encryption key may constitute part of the message to be 
encrypted and transmitted. Alternatively, the optical 
data do not constitute part of the message. Furthermore, 

15 the step of obtaining optical data for encrypting the 
message may be obtained prior to, during, or following 
the procedure of obtaining the message to be encrypted. 
As an example, the encryption of the message may take 
place just prior to the actual transmission thereof. 

2 0 Then, the encryption key, including obtaining optical 

data, whether the optical data are extracted from the 
message or not, may be generated in connection with the 
encryption procedure. Alternatively, the generation of 
the encryption key may have been performed earlier, e.g. 
25 in connection with obtaining and storing the message, and 
a stored encryption key is used for the encryption. 

Suitably, the optical data used for generating an 
encryption key are stored in a storage medium prior to 
processing thereof. In an alternative embodiment the op- 

3 0 tical data are stored after the processing thereof. 

Preferably, a symmetrical encryption algorithm is 
used for the actual encryption of the message. There are 
a number of conceivable symmetrical encryption algorithms 
that are suitable, for example AES, DES, or IDEA. The use 
35 of an asymmetric encryption algorithm, such as the RSA, 

for the actual encryption of the message is also conceiv- 
able and lie within the scope of the present invention. 
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However, the present invention is not limited to a spe- 
cific encryption algorithm. 

According to preferred embodiments, the method and 
the device of the present invention is particularly well 
5 suited for implementation in a hand-held device, such as 
a digital pen. Such a digital pen would then comprise an 
optical sensor for obtaining a message to be transmitted, 
for instance from a surface provided with a position code 
pattern as described above. Preferably, the digital pen 

10 also comprises illumination means for illuminating a sur- 
face to be read by the optical sensor. The illumination 
means and the optical sensor may be restricted to a lim- 
ited wavelength range, such that the optical sensor pri- 
marily detects reflected light that are provided by the 

15 illumination means. Preferably, the optical sensor is 

also used for obtaining the optical data used for gener- 
ating an encryption key. Thereby, no additional sensor or 
random number generator is required within the limited 
interior of the digital pen. 

2 0 Furthermore, the digital pen comprises a processor 

or processing means for performing the steps of the pres- 
ent invention, as well as all the steps required for ob- 
taining, encrypting and transmitting a message. Further- 
more, the digital pen also comprises, inter alia, suit- 
25 able storing means for storing data, power supply means, 
e.g. a battery, as well as transmission means for trans- 
mitting the message to a receiver. 

According to a further embodiment of the invention, 
a pressure sensor is provided for obtaining pressure 

3 0 data. Since the pressure data relates to biometric fac- 

tors, such as movements of the hand, the degree of ran- 
domness of the pressure data is high. The pressure data 
can then be used in combination with the optical data as 
random number data or random seed, in the generation of 
3 5 an encryption key, in order to enhance the degree of ran- 
domness in the random seed. 
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Also, according to yet another embodiment of the in- 
vention, time data are obtained and used in combination 
with the optical data as random seed in order to enhance 
the stochasticity of the random seed. Although time data 
5 is deterministic by nature, the degree of randomness of 
the combined data will not be decreased. The time data 
are preferably provided by the internal clock of the 
processing means. The thus obtained random seed may be 
subsequently used in the generation of the encryption key 
10 in the manner as described above. 

As understood be the person skilled in the art, 
there are other related areas where the random numbers 
generated from optical data in accordance with the pres- 
ent invention may be utilized. One such area is authenti- 
15 cation of a sent or received message. 

Another area is key transport from a sender to a re- 
ceiver. Then, the random numbers are encrypted with a 
public key of the receiver and are used as an encryption 
key or key data, to be subsequently compressed to an en- 
2 0 crypt ion key, for a symmetric encryption algorithm. 

The random numbers can also be used to generate 
prime numbers for RSA or DH keys. 

As realized by the person skilled in the art, the 
method and the device of the present invention, as well 

2 5 as the preferred embodiments thereof, are suitable to re- 

alize as a computer program or a computer readable me- 
dium, preferably within the contents of a digital pen. 

Further objects and advantages of the present inven- 
tion will be discussed below by means of exemplifying em- 

3 0 bodiments. 

Brief description of the drawings 

Preferred embodiments of the invention will now be 
described in greater detail with reference to the accom- 
35 panying drawings, in which 

Fig. 1 shows an embodiment of an information manage- 
ment system according to the present invention; 
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Fig. 2 schematically shows an embodiment of a prod- 
uct provided with a position-code pattern; 

Fig. 3 schematically shows an embodiment of a send- 
ing device according to the present invention ; 
5 Fig. 4 shows a flow diagram illustrating an embodi- 

ment of a method according to the present invention for 
encrypting a message using optical data; 

Fig. 5 shows a flow diagram illustrating an algo- 
rithm of a first embodiment for increasing randomness in 
10 optical data used for generating an encryption key; 

Fig. 6 schematically shows the order of data fields 
within a key data block and an input data block prior to 
a cyclic reordering procedure according to an embodiment 
of the present invention; 
15 Figs 7A and 7B schematically show the order of data 

fields within the key data block and input data block, 
respectively, after said cyclic reordering procedure; and 

Fig. 8 shows a flow diagram illustrating an algo- 
rithm of a second embodiment for increasing the random- 

2 0 ness in the input data used for generating an encryption 

key. 

Description of preferred embodiments 

In the following, an information management system 

25 in which the present invention can be implemented is de- 
scribed with reference to Fig. 1. After this general 
presentation of the system structure, a product provided 
with a position code pattern will be described with ref- 
erence to Fig. 2. Then, with reference to Fig. 3, a send- 

30 ing device, in which the present inventive method and de- 
vice can be implemented, designed for reading and obtain- 
ing optical data from the position code of Fig. 2 is 
shown. 

With reference first to Fig. 1, an information man- 

3 5 agement system in which a position- code product and a 

sending device, such as a digital pen, can be integrated 
is shown. There are many inter-reliant actors involved in 
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the system of Fig. 1: companies manufacturing the digital 
pens ("pen manufactures") , companies manufacturing the 
position-coded products ("paper manufactures"), companies 
providing different services by means of service handler 
5 units ("service handlers") , a company administrating the 
position-code based on the virtual space database 
("pattern administrator") , operators providing the commu- 
nication links between the digital pens and the different 
units ("network operators") , and a multitude of users of 
10 digital pens ("pen owners") . 

The system of Fig. 1 includes a multitude of sending 
devices or digital pens DP and position code products P 
(only one of which being shown in Fig. 1) , a look-up unit 
ALS, and a plurality of service handler units SH (only 
15 one of which is shown in Fig. 1) . It should be noted that 
the information can be transmitted in any suitable way 
from the digital pen DP to the look-up unit ALS and the 
service handler unit SH. In one embodiment, wireless 
transmission of information is effected from the digital 
20 pen DP to a network connection unit, which in turn trans- 
mits the information to the look-up unit ALS and service 
handler unit SH, respectively. The network connection 
unit can be an integral part of the digital pen DP. Al- 
ternatively, the network connection unit can be a mobile 
25 phone or a computer or any other suitable unit with an 

interface to a computer network such as the Internet or a 
LAN. The look-up unit ALS is connected to a virtual space 
database GSDB which includes data on the functionality of 
every position coded by the position code PC and the ac- 
30 tor associated with each such position. The look-up -unit 
ALS is also connected to a pen database PDB, which in- 
cludes data on all digital pens in the system, such as 
the unique pen identifier of each pen and all settings or 
properties that are associated with each pen. The pen da- 
35 tabase PDB also includes data relating to the manufac- 
turer of each pen. In addition thereto, the look-up unit 
ALS is connected to an event database GEDB, which in- 
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eludes data on the transactions taking place in the look- 
up unit ALS, i.e. the address requests made by the pens 
in the system and the address responses returned to the 
pens, as well as any errors occurring in the process. As 
5 an alternative to individual databases as shown in Fig. 
l f the look-up unit ALS could be connected to one all- 
embracing database . 

The system also includes one or more networks in 
which network operators handle the communication between 
10 the digital pens DP and the look-up unit ALS, and between 
the digital pens DP and the service handler unit SH. To 
this end, the owner of a pen has opened a subscription at 
one of the network operators. This network operator could 
also act as a service handler in the system, for example 
15 by means of a server unit SP providing communication 
services that allows the pen owner to send electronic 
messages, for example e-mail, SMS or fax, based on infor- 
mation written on the position- coded products P by means 
of the digital pen DP. The server unit SP of the network 
20 operator could also provide for network storage of infor- 
mation generated in the system, for example entries in an 
position-coded calendar or notebook. When acting as a 
service handler, the network operator maintains an appli- 
cation database ASDB which contains data on user- specif ic 
25 settings for different applications, for example a signa- 
ture or electronic business card to be attached to e-mail 
messages, where and how to store sent messages, etc. 

In the embodiment of Fig. 1, the system includes 
Internet portals hosted by one or more web servers which 
30 are interfaced with the databases of the system, one por- 
tal of which PI being shown in Fig. 1. The portal PI is a 
so-called Partner Portal, i.e. a portal which allows pen 
manufactures, paper manufactures, service handlers and 
network operators to access selected portions of the da- 
3 5 tabases of the system, via an interface unit IF. An exam- 
ple of another portal is a so-called Pen Owner Portal, 
i.e. a portal which allows for the pen owners to access 
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selected portions of the databases of the system. In an 
alternative embodiment, the functionalities of the two 
portals are merged into one common portal . 

In the communication between the different partici- 
5 pants illustrated in Fig. 1, it is desirable that the in- 
formation is sent in a secure way, i.e. by using encryp- 
tion and digital signatures. If the digital pen DP sends 
confidential information to the service handler unit SH, 
the digital pen DP encrypts the information and the serv- 

10 ice handler unit SH will, in order to decipher the infor- 
mation, decrypt it. The digital pen DP can use either 
symmetric encryption or asymmetric encryption. 

In Fig. 2, a portion of a product, such as the posi- 
tion-coded product used in the system of Fig. 1, in the 

15 form of a paper 1, provided with, on its surface 2, an 

optical readable position code pattern 3 which enables a 
determination of the position. The position code pattern 
includes markings 4, which are methodically arranged over 
the surface 2 . The Applicant proposes in the interna - 

20 tional patent application WO 01/16691, which is incorpo- 
rated herein by reference, the use of a product having a 

writing surface which is provided with such a position 

i 

code. The position code, which codes a plurality of posi- 
tions on the surface, enables electronic recording of in- 

25 formation that is being written on the writing surface, 
by means of a digital pen which detects the position 
code. The position code is capable of coding coordinates 
of a large number of positions, much larger than the num- 
ber of required positions on the product. Thus, the posi- 

3 0 tion code can be seen as forming a virtual space which is 
defined by all positions that the position code is capa- 
ble of coding, whereby different positions in the virtual 
space can be dedicated for different functions and/or ac- 
tors . It should be noted that the position code pattern 

35 shown in Fig. 2 is, for the sake of clarity, greatly en- 
larged. 
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Fig. 3 shows a schematic representation of an em- 
bodiment of a sending device designed for reading, for 
example, a position code pattern of Fig. 2. According to 
the preferred embodiments of the present invention, the 
5 device is a digital pen. The pen DP comprises a housing 
5, shaped in a pen-like form. An opening 6 is provided at 
one end portion of the housing 5. The opening is intended 
to rest against, or to be held at a short distance from, 
the surface S from which information is to be obtained. 
10 Within the housing 5 an optical unit, an electronic 

unit, and a current supply unit are incorporated. Accord- 
ing to further embodiments of the digital pen, a pressure 
sensor unit may also be comprised within the housing 5, 
which will be discussed below. 
15 The optical unit comprises a diode 7, arranged to 

illuminate the surface provided with the position code, 
and a light-sensitive sensor 8, for example a CCD sensor 
(Charge -Coupled Device) or a CMOS sensor (Complementary 
Metal -Oxide semiconductor) , arranged to register two- 
20 dimensional images. The current supply unit is in this 

embodiment a battery 9, arranged in a separate container." 

The electronic unit 10 comprises a processor device 
including image-processing means, encryption means and a 
processor programmed to read images from the sensor 8 and 
25 to perform determination of the position and decoding of 
information on the basis of the images. Furthermore, the 
processor is programmed to perform computations in order 
to, for example from an image received from the sensor, 
calculate properties of the optical data obtained from 
3 0 the image. The data resulting from these computations can 
be used as input data for other computations or algo- 
rithms, such as encryption algorithms. In this embodi- 
ment, the AES and RSA algorithms are implemented in the 
processor device. 
3 5 Also, the electronic unit 10 comprises a memory or 

data storage that is arranged, for example, to store data 
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received from the processor or the sensor, as well as 
program instructions for the processor device. 

Furthermore, the pen may comprise a keypad 11, which 
enables activation and controlling of the pen. A trans - 
5 ceiver 12 for wireless communication, by means of IR- 

light or radio* waves, with other participants of the sys- 
tem of Fig. 1 is also included. Additionally, a display 
13 for showing, for example, registered information can 
be included. The keypad, the transceiver, and the display 
10 are in communication with and controlled by the elec- 
tronic unit 10. 

It should be noted that the illustration of Fig. 3 
is schematical and that the actual configuration of the 
parts comprised within the pen may differ from the con- 
15 figuration shown without departing from the scope of the 
pr e s ent i nven t i on . 

In the above-mentioned embodiment, the position- code 
pattern is an optical readable pattern and, thus, the 
sensor is an optical sensor. The position code pattern 

2 0 can be based on another parameter than an optical parame- 

ter as mentioned above. In that case, the sensor must, of 
course, be of such a type that is capable of reading the 
parameter in question. 

The combination of a digital pen and a position- 

25 coded product can be used as an input device to a com- 
puter, a PDA, a mobile phone, or the like. 

For example, text and sketches written on a posi- 
tion-coded notepad can be transferred via the pen to a 
computer. Additionally, the combination of a pen and a 

30 position-coded product allows for global communication, 
directly from the product via the pen, by the position 
code on the product being dedicated for such communica- 
tion. For example, the information registered by the pen 
can be transformed into a fax message, an e-mail or an 

3 5 SMS, and can then be sent from the pen to a recipient. 

Further, the combination of a pen and a position-coded 
product can be used in e-commerce. For example, the digi- 
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tal pen can be used to order an item from a position- 
coded advertisement in a magazine, by the position code 
in the advertisement being dedicated for such a service. 
The above concept has been implemented in a system 
5 or infrastructure, which is shown in Fig. 1 and which is 
further disclosed in Applicant's international patent ap- 
plications PCT/SEOO/02640, PCT/SEOO/02641 , and 
PCT/SE00/02659, which are incorporated herein by refer- 
ence . 

10 There will now be presented in the form of a flow 

diagram, with reference to Fig. 4, the inventive method 
for encryption of a message based on information written 
on the position coded products of Fig. 2 by means of the 
sending device of Fig. 3, and to thereby provide a secure 
15 transmission of said message from a sending device to a 
receiver, for example in the form of an e-mail, an SMS, 
or a fax. Furthermore, the position coded product and the 
sending device is preferably incorporated in a system as 
presented in Fig. 1. 
2 0 Beginning at step 410, a patterned surface is read 

or scanned by the sensor 8, whereby an optical image 01 
is obtained. The image OI is then stored as a mapping of 
the pattern in an image storing medium. The optical image 
OI or the optical data representing the image includes a 
25 predetermined number of pixels. Each optical image 01 is, 
in turn, divided into a predetermined number of sub- 
images or image elements, wherein each image element in- 
cludes a predetermined number of pixels. The size and 
nuTnber of these pixel representations, i.e. the resolu- 
30 tion, is adjustable. 

According to one exemplifying embodiment, each opti- 
cal image includes 96x96 pixels. Furthermore, the 96x96 
pixels are divided in a matrix constituent of 16x16 image 
elements, wherein each image element consequently con- 
35 sists of 6x6 pixels. Of course, there are any number of 

conceivable pixel configurations of an optical image that 
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can be used without departing from the scope of the pres- 
ent invention. 

At step 420, decoding of information comprised in 
the data of the optical image is performed. In the pre- 
5 f erred embodiment, the resulting optical data OD comprise 
information of the brightness on the portion of the sur- 
face that has been read. Factors having an influence on 
the sensed brightness have already been discussed above. 
The brightness is represented by discrete values. In the 

10 preferred embodiment of the present invention, a white 
surface corresponds to a value of 255 and a black sur- 
face, e.g. a black marking, corresponds to a value of 0. 
To enhance the dynamics of the optical data, it is pre- 
ferred that each image element, representing a portion of 

15 the surface, includes data of at least one marking and at 
least a portion of a surface surrounding the markings. 

However, any of the input values from the digital 
pen's sensors, such as pen pressure, coordinates, time, 
or the like, can be used as parameters for key genera - 

20 tion. These parameters are then used in combination with 
the optical data OD or in combination with computer ran- 
dom seeds . 

At step 430, the optical data OD produced by the 
sensor are processed to calculate specific statistical 

25 properties of the optical data. According to the most 

preferred embodiments, a maximum value, a minimum value 
and a sum value of the intensity or brightness of a num- 
ber of pixels are calculated and used in the continued 
process as optical data. The thus calculated statistical 

3 0 values are hereinafter referred to as processed optical 
data POD. This calculation is performed on each image 
element, i.e. on the optical data OD represented in each 
image element, respectively. There are, of course, other 
preferably statistical properties that may be calculated, 

35 such as a mean value, or a standard deviation value. 

Thereafter, at step 440, the resulting sequence of 
processed optical data POD is organized in bit-groups or 
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data fields. According to the most preferred embodiment 
of the present invention, each image element is repre- 
sented by one data record DR and each data record DR con- 
sists of four data fields. The first two data fields con- 
5 tain the calculated sum value, the third contains the 
calculated minimum value, and the fourth contains the 
calculated maximum value. Thus, a sequence of data rec- 
ords DR is produced from one optical image, each data re- 
cord corresponding to one image element of the image. 
10 When the data records DR are produced, they are option- 
ally stored in a cyclic register, prior to the use as 
random number data, and are arranged in the processor de- 
vice to be accessed by the processor when required, for 
example at the transmission of a message. 
15 Then, at step 450, the sequence of data records DR 

is processed in an algorithm in order to increase the 
stochasticity of the processed optical data in the data 
records. This is due to the fact that the processed opti- 
cal data POD are not one hundred percent random in a sta- 
20 tistical sense. Thus, it is desirable to perform addi- 
tional processing in order to improve the statistical 
characteristics of the optical data, i.e. increase the 
randomness or stochasticity of the processed optical 
data, before the processed optical data is used as a ran- 
25 dom seed. Figs 5 and 8 show two different algorithms of 
two alternative embodiments of the present invention for 
increasing the randomness of the processed optical data. 
These algorithms will be described in greater detail be- 
low. 

30 Finally, at step 460, the processed optical data are 

used as an encryption key EK in an encryption algorithm 
and encryption of a message obtained from the position- 
coded surface using the digital pen is performed. 

According to an alternative embodiment, the proc- 

35 essed optical data is, at step 460, used for authentica- 
tion of a sent message. Then, the processed optical data 
are used as random number data, which is encrypted by 
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means of an encryption key, for example a private key of 
the digital pen, and the encrypted random number data is 
used for authentication of said sent message. 

Encryption algorithms, such as the AES encryption 
5 algorithm, uses block encryption. A block cipher, i.e. an 
encryption algorithm using block encryption, is a method 
of encryption text (to produce ciphertext) in which an 
encryption key and algorithm are applied to a block of 
data at once as a group rather than to one bit at a time . 

10 The main alternative method, used much less frequently, 
is called the stream cipher. 

There is a cryptologic difficulty when the text to 
be encrypted contains static data, that do not change 
from on text to the other. If different encryption keys 

15 are used to encrypt the text that contains static data, 
an attacker could draw conclusions regarding the key if 
the position of the static data is known by the attacker. 
In order to prevent this, it is common to apply the ci- 
pher text from the previous encrypted block to the next 

20 block in the sequence. This way of encrypting in block 

ciphers are often referred to as CBC (Cipher Block Chain- 
ing) encryption. The encryption of the block including 
the static data is then dependent of all previous text 
blocks, which makes it more or less impossible to draw 

25 conclusions regarding the key from the encryption of the 
static data. To ensure this, an initiation vector derived 
from a random generator is combined with the text in the 
first block. Consequently, and according to preferred em- 
bodiments of the present invention, the processed optical 

30 data are used for forming both the encryption key, i.e. 
the key data block, and the initiation vector, i.e* the 
input data block. 

With reference now to Fig. 5, there is shown a flow 
diagram of the method according to a first preferred al- 

35 gorithm in accordance with the present invention for in- 
creasing the randomness or stochasticity of the processed 
optical data and to produce random numbers. It should be 
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noted that the following description with reference to 
Figs 5, 6, 7A, and 7B corresponds to step 450 of Fig. 4. 

First, at step 510, the sequence of data records, 
obtained at step 440 of Fig. 4, is organized into data 
5 blocks, wherein each data block is determined or labeled 
as either a key data block KB or an input data block IB, 
in accordance with the description above. According to 
the most preferred embodiment of the present invention, 
four subsequent data records are organized in a single 

10 data block. Furthermore, every second data block is a key 
data block KB, and the intermediate data blocks are input 
data blocks IB. 

Then, at step 520, the key data blocks KB are proc- 
essed according to a first mathematical algorithm, and at 

15 step 53 0 the input data blocks IB are processed according 
to a second mathematical algorithm. The mathematical al- 
gorithms define a cyclic reordering or shifting procedure' 
of the data fields included in the key data block KB and 
the input data block IB, respectively. 

2 0 With particular reference to Fig. 6, the order of 

the data fields within a key data block KB or an input 
data block IB are shown prior to the shifting procedure. 
The records are shown schematically as boxes divided into 
four elements, each element representing a data field. In 
25 the most preferred embodiment, the fields indicated with 
1 and 2 include the sum of brightness, the fields indi- 
cated with 3 the minimum, and the field indicated with 4 
the maximum. The cyclic shifting scheme of the data 
fields included in the key data block KB is shown below 

3 0 in table 1. 



Data record 


Steps 


A 


0 


B 


3 


C 


2 


D 


1 



Table 1 
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In Fig. 7A, the order of the data fields within the 
key data block after the cyclic shifting has been per- 
formed is shown. The data fields of the first data rec- 
5 ord, record A, retain their positions, the data fields 

within the second record, record B, are shifted three po- 
sitions to the right, the fields within the third record, 
record C, are shifted two positions to the right, and the 
fields within the fourth record, record D, are shifted 
10 one position to the right. The data block output as a re- 
sult of the reordering algorithm for a key data block is 
referred to as reordered key data block, RKB. 

In table 2, the cyclic shifting scheme of the data 
fields included in the input data block IB is shown. 
15 



Data record 


Steps 


A 


1 


B 


2 


C 


3 


D 


0 



Table 2 



In Fig. 7B, there is shown the order of the data 
fields within the input data block after the cyclic 

20 shifting, to the right, has been performed. The data 
fields within the first data record, record A, are 
shifted one position, the data fields within the second 
data record, record B, are shifted two positions, the 
data fields within the third data record, record C, are 

25 shifted three positions, and the data fields within the 

fourth data record, record D, retain their positions. The 
data block output as a result of the reordering algorithm 
for an input data block is referred to as reordered input 
data block, RIB. 

30 It should be noted that a wide variety of shifting 

algorithms may be used within the scope of the present 
invention to obtain reordered or rearranged key and input 
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data blocks. However, it has surprisingly been found that 
the above described reordering of the data fields within 
the data records included in the key data block and the 
input data block provides a particular and considerable 
5 improvement of the desired statistical properties for the 
output data of an ensuing encryption, when using the re- 
sult of the reordering procedure as key data and input 
data for the encryption. In other words, the randomness 
and stochasticity of the output data is increased and the 
10 predictability is decreased. In fact, according to sta- 
tistical testing procedures recognized within the art, 
the output data of the encryption algorithm, i.e. the en- 
crypted message, can be regarded as uniformly distributed 
white noise. This unexpected effect is due to the fact 
15 that the correlation between the processed optical data 
included in the data fields within a data record, which 
in turn is transmitted to the output data of the encryp- 
tion algorithm, is shattered by the above-mentioned reor-^ 
dering procedure. 
20 Then, at step 540, the data in the thus reordered 

key and input data blocks are used as the encryption key, 
key data KD, and the initiation vector, input data ID, 
respectively, for the encryption algorithm. 

Finally, at step 550, the method is returned to the 
25 procedure shown in Fig. 4 at step 460, where the actual 
encryption of the message is performed using, in this 
preferred embodiment, the AES encryption algorithm. How- 
ever, other encryption algorithms are of course contem- 
plated within the scope of the present invention. 
3 0 Below, a second alternative preferred embodiment of 

an algorithm for improving the statistical characteris- 
tics of the processed optical data will be described, 
with particular reference to Fig. 8. 

The algorithm can be regarded as having two parts . 
35 In the first part, referred to as the seed update, a ran- 
dom seed is calculated based on the processed optical 
data. In the second part, referred to as the random num- 
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ber calculation, the thus calculated random seed is used 
as input data for calculation of the random numbers to be 
used in the encryption algorithm. 

Data blocks that include a subset of the sequence of 
5 data records containing the processed optical data form 
the input data in the seed update part. The data records 
comprise data fields, preferably organized as is de- 
scribed above in relation to the first preferred embodi- 
ment. Thus, each data record includes four data fields, 
10 the first two including the sum value, the third the 

minimum value, and the fourth the maximum value, see Fig. 
6. 

At step 810, each data block is processed in a first 
hash function, which in this embodiment is an encryption 

15 algorithm, in order to increase the randomness of the 

data records containing the processed optical data. The 
first hash function is, in this embodiment, a symmetrical 
encryption algorithm. The data records containing the 
processed optical data are used as the encryption key, 

20 and an arbitrarily chosen vector is used as the initia- 
tion vector. However, it is preferred that the number of 
ones and zeros are substantially equal and appropriately 
distributed throughout the initiation vector. This can be 
achieved by using the previous seed as the initiation 

25 vector for the hashing algorithm, which will remove the 
risk of patterns that may be produced due to frequent 
seed updates with substantially similar input data, and 
will improve the quality of the random seed. 

Then, at step 820, an iterative process concatenates 

3 0 each hashing output or hash value, HV, and thereby forms 
hashing output data blocks. This is due to the fact that 
a hashing process normally results in an output having a 
data size that is less, or much less, than the data size 
of the input data. The number of iterations is dependent 

35 on the desired size of the output data. 

The output data blocks are then divided into key 
data blocks and seed data blocks at step 830. The key 
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data blocks and seed data blocks are used as input data 
in the random number calculation part. This can mathe- 
matically be written as 



10 



Input data: optical data 
Calculation: SI X 
Output data: seed input 

key data 
seed data 



« SU 2 * m -i . • SUnSUo 

= Hash n (SI x , SU X ) 

= Sl2*ra-1 • .SIiSIo 

= SKca-i . . SKiSKoSDm-i . 

= SIQn-i . • SKiSKq 

= SD m -i. .SDiSDq 



.SDiSDq 



where = Y/n, Y is the bit-length of the random num- 
ber to be generated in the second step, and n is the bit- 
length of the output data of the hashing algorithm, Hash. 
15 Furthermore, SU X is input data block x, SI X is output data 
block x, SK X is key data block x and SD X seed data block 
x. In this embodiment, the hashing algorithm is performed 
using a symmetric encryption algorithm, AES . As realized . 
by the person skilled in the art, there are a significant 

2 0 number of conceivable algorithms that can be used to ob- 

tain an increased randomness and that can be implemented 
instead of the AES algorithm. The seed update can be per- 
formed with a full update of the seed, i.e. with all data 
blocks included in SI, or with one data block, SI X . This 
25 is dependent on the requirements of the random number 

calculation algorithm in part two and the computer power 
at hand. 

Then, at step 840, in the random number calculation 
part, the key data blocks and seed data blocks are used 

3 0 as input data in a second algorithm, which in this em- 

bodiment utilizes a symmetrical encryption algorithm, for 
example AES. The algorithm performed at step 840 is an 
iterative algorithm. As mentioned above, there are a num- 
ber of alternative encryption algorithms that can be used 
35 in said second algorithm instead of AES, for example IDEA 
or DES. Alternatively, A3 or A5, which are stream ciphers 
and are used for symmetrical encryption, may be used. A 
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counter, seed count, is also included. It counts the num- 
ber of times the random number calculation was used since 
the input data were updated in the seed update. Mathe- 
matically, the random number calculation can be written 
5 as 



Input data: key data = SK^-i- .SKiSK 0 

seed data = SD m -i. .SDxSDo 
seed count 

10 Calculation For x from 0 to (m-1) 

1.1 PR X = Encrypt (key=SK x/ input =SD X ) 

1.2 SK( x+ 2)raod m = SK( x+2 )Tnod m XOr PR X 

1.3 SD^+ijmod m " SD( x+ i) TOO d m XOr PR X 

seed count = seed count + 1 
15 Output data: random number = PR^-x- -PRiPRo 

key data = SKn-i . . SKiSKo 

seed data = SD m -i. .SDiSD 0 

seed count 



20 where PR X is a random number data block x, xor is an 

XOR operation, mod is a modulus operation, and encrypt is 
a symmetric encryption algorithm. Also, a block transfor- 
mation is performed in the calculation step. This trans- 
formation further increases the randomness of the random 

2 5 numbers . 

The transformation of steps 1 . 2 and 1 . 3 could be 
made in a number of other ways, but the described method 
ensures that all changes in a block is transformed 
through out most of the random seed, and thereby ensures 

3 0 a high quality random seed for the following calculation. 

According to an alternative embodiment, the second 
algorithm is a hash function, preferably using the same 
symmetrical encryption algorithm as in the second algo- 
rithm described above. 
35 Finally, at step 850, the method is returned to the 

procedure shown in Fig. 4 at step 460, where the actual 
encryption of the message is performed using, in this 
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preferred embodiment, the AES encryption algorithm, where 
the random number data PR X obtained through the above 
method are used as the encryption key at step 460 of Fig. 
4. 

5 Alternatively, an encryption of the random number 

data PR* is performed, for example by the use of an asym- 
metric encryption algorithm. Then, the encrypted random 
number data is sent to the receiver of the encrypted mes- 
sage. The receiver performs a hashing on the encrypted 
10 random number data and uses the resulting hash value as a 
private encryption key, which then is used in an asymmet- 
ric encryption algorithm for decryption of the received 
message . 

Although specific embodiments have been shown and 
15 described herein for purposes of illustration and exem- 
plification, it is understood by those of ordinary skill 
in the art that the specific embodiments shown and de- 
scribed may be substituted for a wide variety of alterna- 
tive and/or equivalent implementations without departing 
2 0 from the scope of the present invention. Those of ordi- 
nary skill in the art will readily appreciate that the 
present invention could be implemented in a wide variety 
of embodiments, including various hardware and software 
implementations, or combinations thereof. This applica- 
2 5 tion is intended to cover any adaptations or variations 
of the preferred embodiments discussed herein. Conse- 
quently, the present invention is defined by the wordings 
of the appended claims and equivalents thereof. 
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CLAIMS 

1. A method for encrypting a message for secure 
transmission of said message from a sending device to a 

5 receiver, comprising the steps of 
obtaining optical data, 

generating an encryption key using said optical data 
as random seed, and 

encrypting said message using said encryption key in 
10 an encryption algorithm. 

2. The method according to claim 1, wherein the step 
of obtaining said optical data comprises the step of 

"^6Btaining' skfdr^p^tical data using an optical 'sensor, 
said optical data representing values of an optical pa- 
15 rameter readable by said optical sensor. 

3. The method according to claim 2, wherein said op- 
tical parameter is brightness sensed by said optical sen- 
sor. 

4 . The method according to claim 2 or 3 , wherein the 

2 0 step of obtaining optical data comprises the step of 

obtaining said optical data from a portion of a sur- 
face provided with a position code pattern, wherein said 
position code pattern includes optical readable markings, 
and wherein said optical parameter is representative of 
25 said portion. 

5. The method according to any one of claims' 2-4, 
wherein the step of generating an encryption key com- 
prises the steps of 

processing said optical data according to a prede- 

3 0 termined scheme, 

organizing said processed optical data in data 
fields, wherein each data field has a predetermined size, 
and 

organizing said data fields in a predetermined order 
3 5 in data records. 

6. The method according to claim 5, wherein the step 
of processing said optical data comprises the step of 
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calculating statistical properties of sets of said 
optical parameter values represented by said optical 
data, whereby said statistical properties constitute said 
processed optical data. 
5 7. The method according to claim 6, wherein said 

statistical properties comprise a maximum value, a mini- 
mum value and a sum value of said set of optical parame- 
ter values, and wherein the step of processing said opti- 
cal data comprises the steps of 

10 organizing said maximum value in at least one maxi- 

mum data field, said minimum value in at least one mini- 
mum data field, and said sum value in at least one sum 
data field, and 

organizing said maximum, minimum, and sum data 

15 fields in a data record according to said predetermined 
order . 

8- The method according to any one of claims 5-7, 
wherein the step of processing said optical data com- 
prises the steps of 

2 0 rearranging the order of said data fields within at 

least one data record of a first series of data records 
according to a first reordering algorithm, thereby ob- 
taining a first series of rearranged data records, and 

rearranging the order of said data fields within at 
25 least one data record of a second series of data records 
according to a second reordering algorithm, thereby ob- 
taining a second series of rearranged data records . 

9 . The method according to claim 8 , wherein an en- 
cryption key comprises key data and input data, and 

3 0 wherein the step of generating an encryption key com- 

prises the steps of 

using said first series of rearranged data records 
as said key data, and 

using said second series of rearranged data records 
3 5 as said input data. 
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10. The method according to any one of claims 5-7 , 
wherein the step of generating an encryption key com- 
prises the steps of 

processing a set of a predetermined number of said 
5 data records in a first step using a first hash function, 
thereby obtaining a first output, 

processing said first output in a second step using 
an iterative algorithm, thereby obtaining a second out- 
put , and 

10 using said second output as said encryption key or 

for generating said encryption key. 

11. The method according to claim 10, wherein, in 
said second step, said first output is processed using a 
second hash function. 

15 12. The method according to claim 10 or 11, wherein 

in said first and second steps, a first and a second sym- 
metrical encryption algorithm, respectively, is used. 

13. The method according to claim 12, wherein one 
symmetrical encryption algorithm is used both as said 

2 0 first and as said second symmetrical encryption algo- 
rithms . 

14 . The method according to claim 13 , wherein one 
symmetrical encryption algorithm is used both as said en- 
cryption algorithm for performing said step of encrypting 

2 5 said message, and as said first and said second symmetri- 

cal encryption algorithms. 

15 . The method according to any one of the preceding 
claims, wherein the encryption key comprises key data and 
input data, the method further comprising the steps of 

3 0 using a first subset of said optical data for gener- 

ating said key data, and 

using a second subset of said optical data for gen- 
erating said input data. 

16 . The method according to any one of the preceding 
35 claims, wherein said encryption algorithm for encrypting 

said message is a symmetric encryption algorithm. 
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17. The method according to claim 1, further com- 
prising the steps of 

obtaining pressure data using pressure sensing 
means, wherein the step of generating an encryption key 
5 comprises the step of 

generating an encryption key using said pressure 
data in combination with said optical data as random 
seed. 

18. The method according to claim 1, further com- 
10 prising the steps of 

obtaining time data, wherein the step of generating 
an encryption key comprises the step of 

generating an encryption key using said time data in 
combination with said optical data as random seed. 
15 19. The method according to any one of the preceding 

claims, wherein said steps are performed in a digital pen 
comprising an optical sensor and said sending device. 

20. Computer readable medium comprising instructions* 
for bringing a computer to perform a method according to ~ 

20 any one of the preceding claims. 

21. Device for encrypting a message for secure wire- 
less transmission of said message from a sender to a re- 
ceiver, compr i sing 

receiving means for receiving optical data, said op- 
25 tical data representing values of an optical parameter, 
processing means for generating an encryption key 
using said optical data as random seed, and 

encryption means for encrypting the message to be 
transmitted using said encryption key. 
30 22. Device according to claim 21, wherein said opti- 

cal data has been obtained from a portion of a surface 
provided with a position code pattern having optical 
readable markings . 

23 • Device according to claim 21 or 22, wherein said 
35 processing means is further arranged to 

processing said optical data according to a prede- 
termined scheme, 
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organizing said processed optical data in data 
fields, wherein each data field has a predetermined size, 
and 

organizing said data fields in a predetermined order 
5 in data records. 

24. Device according to claim 23, wherein said proc- 
essing means is further arranged to calculate statistical 
properties of sets of said optical parameter values rep- 
resented by said optical data, whereby said statistical 

10 properties constitute said processed optical data. 

25. Device according to claim 24, wherein said prop- 
erties comprise a maximum value, a minimum value and a 
sum value of said set* of optical parameter values, and 
wherein said processing means is further arranged to 

15 organize said maximum value in at least one maximum 

data field, said minimum value in at least one minimum 
data field, and said sum value in at least one sum data 
field, and 

organize said maximum, minimum, and sum data fields 
20 in a data record according to said predetermined order. 

26. Device according to any one of claims 23-25, 
wherein said processing means is further arranged to 

rearrange the order of said data fields within at 
least one data record of a first series of data records 
25 according to a first reordering algorithm, thereby ob- 
taining a first series of rearranged data records, and 
rearrange the order of said data fields within at 
least one data record of a second series of data records 
according to a second reordering algorithm, thereby ob- 
30 taining a second series of rearranged data records. 

27. Device according to claim 26, wherein an encryp- 
tion key comprises key data and input data, and wherein 
the processing means is further arranged to 

use said first series of rearranged data records as 
35 said key data, and 

use said second series of rearranged data records as 
said input data. 



BNSOOC1D: <WO 0195091 A1 I > 



BNS Daae 3( 



WO 01/95091 



PCT/SEO 1/01296 



35 

28. The device according to any one of claims 23-25, 
wherein the processing means is further arranged to 

process a set of a predetermined number of said data 
records in a first step using a first hash function, 
5 thereby obtaining a first output, 

process said first output in a second step using an 
iterative algorithm, thereby obtaining a second output, 
and 

use said second output as said encryption key or for 
10 generating said encryption key. 

29. The device according to claim 28, wherein said 
processing means is further arranged to use a second hash 

"'function'' for procWfesing said first output in said second 
step. 

15 30. The device according to claim 28 or 29, wherein 

in said first and second steps, a first and a second sym- 
metrical encryption algorithm, respectively, is used. 

31. The device according to claim 30, wherein the 
processing means is further arranged to use one symmetri-' 

2 0 cal encryption algorithm both as said first and as said 
second symmetrical encryption algorithms . 

32. The device according to claim 30, wherein the 
processing means is further arranged to use one symmetri- 
cal encryption algorithm both as said encryption algo- 

2 5 rithm for performing said step of encrypting said mes- 

sage, as said first and as said second symmetrical en- 
cryption algorithms. 

33. Device according to any one of claims 21-32, 
wherein said encryption means is further arranged to en- 

3 0 crypt said message using a symmetric encryption algo- 

rithm. 

34. Device according to any one of claims 21-33, 
wherein said encryption means is further arranged to 

use a subset of said optical data as key data for 
35 said encryption algorithm, and 

use a second subset of said optical data as input 
data for said encryption algorithm. 
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35. Device according to claim 21, wherein said re- 
ceiving means is further arranged for receiving pressure 
data, and wherein said processing means is arranged to 
generate said encryption key using said pressure data in 

5 combination with said optical data. 

36. Device according to claim 21, wherein said proc- 
essing means is further arranged to obtain time data, and 
to generate an encryption key using said time data in 
combination with said optical data. 

10 37. A sending device arranged for obtaining a mes- 

sage and for sending said message to a receiver, compris- 
ing 

an optical sensor for obtaining optical data, 
a device as claimed in any one of claims 20-34 for 
15 encrypting said message prior to transmission thereof, 
and 

transmitting means for transmitting said message. 
38. The sending device according to claim 37, 
wherein the sending device is a digital pen device. 

2 0 39. An information management system comprising a 

plurality of products (P) provided with a position code 
pattern, a plurality of digital pens (DP) capable of 
reading said position code, and a server means (ALS) com- 
municating with said digital pens (DP) in at least one 
25 communication network, said server means (ALS) including 
a position data base (GSDB) which associates positions 
coded by said position code (PC) with rules for informa- 
tion management, wherein said digital pens (DP) are ar- 
ranged to communicate to said server means (ALS) informa- 

3 0 tion which is registered on said products (P) in the form 

of at least one position which is coded by said position 
code, wherein each digital pen comprises a device as 
claimed in any one of claims 21-36. 

40. A method for authentication of a sent message, 
3 5 wherein said message is sent from a sender to a receiver, 
comprising the steps of 

obtaining optical data, 
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using said optical data for generating random number 

data, 

encrypting said random number data, and using said 
encrypted random number data for authentication of said 
5 message . 
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